Bugs/Feature Requests

First make sure you’ve ​installed setuptools. Make sure you have a version >= 0.6c9, since previous versions contain a bug which makes the installation fail.
xccx
Then you can install the plugin using the easy_install application.

AccountManager

This is the core of this plugin. This component must be enabled to use any of the other components.

HtDigestStore

Package

acct_mgr.htfile

Used to store passwords in the htdigest file format.

Warning: This password method may not work with ​mod_python due to a bug using Python’s md5 module under mod_python ("it has been reported that mod_python has trouble returning good MD5 strings. It has been speculated that this is because many apache mods are using the same md5 source (php and so forth), but this is not confirmed"). If you experience problems try ​FastCGI, ​mod_wsgi, or ​tracd.

To use this component to manage your password file you need to enable it as described above and add some additional configuration to ​trac.ini:

[components]
; be sure to enable the component
acct_mgr.htfile.HtDigestStore = enabled
[account-manager]
; configure the plugin to store passwords in the htdigest format:
password_store = HtDigestStore
; with Trac < 0.10 use this instead:
password_format = htdigest
; the file where user accounts are stored
; the webserver will need write permissions to this file
; and its parent folder
password_file = /var/trac/trac.htdigest
; the name of the authentication “realm”
; it can be any text to identify your site or project
htdigest_realm = TracRealm

LDAP

SessionStore

Package

acct_mgr.db

Stores password information in the trac database. This may give better behaviour if you have large numbers of users and are finding errors due to write contention on the password file. You must enable one or other of the hash method components. HtDigestHashMethod is the default.

NB : password_file points to a file which defines users/passwords this way : user = password

AccountManagerAdminPage

Package

acct_mgr.admin

Note: This component requires Trac 0.10 or later

This component adds a new page to the ​trac:WebAdmin section for managing user accounts. It requires the TRAC_ADMIN permission to access.

[components]
acct_mgr.admin.AccountManagerAdminPage = enabled

AccountModule

Package

acct_mgr.web_ui

Allows users to change their password, or delete their account. When logged in it will appear as a tab “Account” after clicking the “Preferences” link.

[components]
acct_mgr.web_ui.AccountModule = enabled

New for Trac 0.10: When used in combination with the LoginModule it adds a link to the login page “Forgot your password?” where users can reset their password if they’ve forgotten it. You will need to have your SMTP server information configured in your trac.ini for the “Forgot your password?” link to show up and enable AccountChangeListener.

[components]
acct_mgr.notification.accountchangelistener = enabled

New for Trac 0.11: When a user resets their password they will be required to change their password on the next successful login. This can be disabled via the trac.ini by setting force_passwd_change = false.

LoginModule

Package

acct_mgr.web_ui

Warning: this module is not supported using the ​tracd stand-alone server on Trac 0.9. It either needs Trac 0.10 or later, or an external webserver such as Apache.

Allows users to login via a HTML form instead of using HTTP authentication.

[components]
acct_mgr.web_ui.LoginModule = enabled

Disable HTTP authentication

To use the AccountManager’s form-based login system instead, add this to the
[components] section of your trac.ini:

trac.web.auth.LoginModule = disabled

When using the ​tracd server be sure not to use the --auth or --basic-auth options. Using either of these options will cause tracd to popup the username/password dialog box and you will not be able to use the HTML form.

If you have previously enabled authentication for Trac on Apache, you will need to disable it or Apache will popup the username/password dialog and you will be unable to use the HTML form. In order to disable the authentication look for a section in the Apache configuration file like:

Deleting or commenting the Require valid-user line should be sufficient to disable HTTP authentication. After you’ve tested it you can probably delete or comment out the rest of the authentication options.

RegistrationModule

Package

acct_mgr.web_ui

Enables users to register a new account. It adds a “Register” link on the same menu bar as the “Login” link.

[components]
acct_mgr.web_ui.RegistrationModule = enabled

Warning: You must enable one of the above password storage modules for the Registration Module to work.

Note: You must not enable ignore_auth_case in trac.ini as otherwise this module won’t work.

EmailVerificationModule

Package

acct_mgr.web_ui

If you enable this, users will be sent an email with a verification code to enter, to approve it is really their own email address:

[components]
acct_mgr.web_ui.EmailVerificationModule = enabled

Until they entered the verification code on the URL sent with the email, their permissions will be restricted (even if they have the TRAC_ADMIN privilege, they won't be able to access anything exceeding the standard privileges of authenticated users).

Note that with the current code, this will only happen if an email was specified - but this is not enforced on registration. In other words, if some user registers w/o specifying an email address, this will be possible - no verification will be done, but the account will be created anyway. If you want to enforce entering a valid email on registration, there's a patch for this attached to ticket #5509 you could use (read more there). Be warned that it is not thoroughly tested yet - so if you use it, feel free to add your comments to that ticket :)

Post Setup/Configuration

In order to use the Account Manager plugin, while logged in as a user with TRAC_ADMIN rights, use the new “Admin” link on the menubar.

Once in, you might want to enable the permissions to allow the “authenticated” user group permissions. For instance, if you remove the anonymous group from TICKET_MODIFY, and WIKI_MODIFY, and add the “authenticated” group instead, only authenticated, logged-in (registered) users can perform ticket modifications and wiki editing.